2123 matches found
NetAccess IP3 - (Authenticated) Ping Option Command Injection
NetAccess IP3 - Force into shell By: r00t Shouts: G., Tee, ES, s1ngl3, and D1g1t5 Requirements: Remote access to an IP3 Any level control panel username/password Vendor Information: Thanks to Sebastian Wolfgarten sebastian at wolfgarten dot com for including vendor information in his AFD vuln...
The use of components plus the user-to vulnerability and early warning-the black bar safety net
by: lcx Today research about the user control panel file nusrmgr.cpl, the discovery call is to the Shell.Users to add users, it also simultaneously calls the wscript.shell, Shell.Application, Shell.LocalMachine these three components. But added to the user while this one Shell.Users is...
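PABox Admin Control Panel PHP Code Injection Vulnerability
BUGTRAQ: 8068 The administrator control panel module of paBox has a flaw in its function for adding banned users; remote attackers can exploit this vulnerability to execute arbitrary commands on the system with web privileges. If a user can log in to the administrator control panel, the bannedusers.php script does not sufficiently check user-submitted URI variables, so an attacker can define variables through global injection and submit a PHP file on a remote system as the parameter for the $file variable, which can lead to execution of the malicious code contained in that PHP file with the privileges of the web process. paBox 1.6 Vendor patch: PHP Arena --------- The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page for the latest version:...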
CVE-2008-6950
Multiple SQL injection vulnerabilities in login.asp in Bankoi WebHosting Control Panel 1.20 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password field...
CVE-2008-6950
CVE-2008-6950 describes multiple SQL injection vulnerabilities in the login.asp of Bankoi WebHosting Control Panel 1.20. The issues allow remote attackers to inject SQL via the (1) username or (2) password fields, potentially leading to arbitrary SQL execution. Affected component is the login han...
Multi Website 1.5 (index php action) SQL Injection Vulnerability
No description provided by source. + Bug : Powered by Multi Website 1.5 index php action Remote SQL Injection Vulnerability + Script home : http://www.multi-website.com + Affected versions : 1.5 + Solution : nothing .; ======================================================= == AuThOr : SarboT511 ...
Arab Portal v2.x (forum.php qc) Remote SQL Injection Exploit
Exploit for unknown platform in category web applications ============================================================ Arab Portal v2.x forum.php qc Remote SQL Injection Exploit ============================================================ getqc &&!isset$apt-getqp $qc = $apt-getqc; $result =...
Arab Portal 2.x - forum.php SQL Injection
Arab Portal 2.x - forum.php SQL Injection getqc &&!isset$apt-getqp $qc = $apt-getqc; $result = $apt-query"select name,comment from rafiacomment where id='$qc'"; $row = $apt-dbarray$result; $apt-row'quote' = "\n\n\nQUOTE..... :".$row'name'."\n".$row'comment'."/QUOTE"; /code - Debug : code $qc =...
Arab Portal 2.x - 'forum.php' SQL Injection
getqc &&!isset$apt-getqp $qc = $apt-getqc; $result = $apt-query"select name,comment from rafiacomment where id='$qc'"; $row = $apt-dbarray$result; $apt-row'quote' = "\n\n\nQUOTE..... :".$row'name'."\n".$row'comment'."/QUOTE"; /code - Debug : code $qc = intval$apt-getqc; /code - Note : Path to...
CVE-2009-2569
Multiple cross-site scripting (XSS) vulnerabilities in Verlihub Control Panel (VHCP) 1.7e allow remote attackers to inject arbitrary web script or HTML via (1) the nick parameter in a login action to index.php or (2) the URI in a news request to index.html...
CVE-2009-2569
Multiple cross-site scripting (XSS) vulnerabilities in Verlihub Control Panel (VHCP) 1.7e allow remote attackers to inject arbitrary web script or HTML via (1) the nick parameter in a login action to index.php or (2) the URI in a news request to index.html...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Verlihub Control Panel (VHCP) 1.7e allow remote attackers to inject arbitrary web script or HTML via (1) the nick parameter in a login action to index.php or (2) the URI in a news request to index.html...
CVE-2009-2569
Verlihub Control Panel (VHCP) 1.7e contains cross-site scripting (XSS) vulnerabilities that allow remote attackers to inject arbitrary script/HTML via (1) the nick parameter in a login action to index.php and (2) the URI in a news request to index.html. The connected documents confirm these two v...
CVE-2009-2569
Multiple cross-site scripting (XSS) vulnerabilities in Verlihub Control Panel (VHCP) 1.7e allow remote attackers to inject arbitrary web script or HTML via (1) the nick parameter in a login action to index.php or (2) the URI in a news request to index.html...
Netrix CMS 1.0 Authentication Bypass Vulnerability
No description provided by source. ======================================================= +++++++++++++++++++ information +++++++++++++++++++++++ ======================================================= + Script :Netrix CMS 1.0 Auth Bypass Remote SQL Injection Vulnerability + Found by : Mr.tro0oq...
Netrix CMS 1.0 SQL Injection
======================================================= +++++++++++++++++++ information +++++++++++++++++++++++ ======================================================= + Script :Netrix CMS 1.0 Auth Bypass Remote SQL Injection Vulnerability + Found by : Mr.tro0oqy + Script site : www.netrix.hu +...
Netrix CMS 1.0 - Authentication Bypass
Netrix CMS 1.0 - Authentication Bypass ======================================================= +++++++++++++++++++ information +++++++++++++++++++++++ ======================================================= + Script :Netrix CMS 1.0 Auth Bypass Remote SQL Injection Vulnerability + Found by :...
Netrix CMS 1.0 - Authentication Bypass
======================================================= +++++++++++++++++++ information +++++++++++++++++++++++ ======================================================= + Script :Netrix CMS 1.0 Auth Bypass Remote SQL Injection Vulnerability + Found by : Mr.tro0oqy + Script site : www.netrix.hu +...
CVE-2008-6859
Xigla Software Absolute Control Panel XE 1.5 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value...
CVE-2008-6859
Consolidated data from connected documents confirms CVE-2008-6859 affects Xigla Software Absolute Control Panel XE 1.5. The vulnerability allows remote attackers to bypass authentication and obtain administrative access by setting a specific cookie value. Exploitation is feasible over network wit...